For Single Sign-On (SSO) to function properly, a user with a matching email address must already exist within directus_users. If you would like to manage users externally then you would use our SCIM endpoints.

Sign Up: First create a Developer Okta account at https://developer.okta.com/signup/

Get Email: Once you've created an account, a temporary password will be emailed to you.

Log In: Activate your account by logging in with this temporary password and setting a new password.

Create App: Create a new Okta web application by choosing Applications in the main menu and then clicking on "Add Application". https://<your-okta-id>-admin.oktapreview.com/admin/apps/active

Choose Web: Pick Web, click Next.

Login Redirect: Make sure that Login Redirect URIs is set to [your-directus-host]/[project-name]/auth/sso/okta/callback. For example http://localhost/_/auth/sso/okta/callback.

Get Keys: Click on the newly created application and go to General > Client Credentials and you will see the Client ID and the Client Secret. Use these values for the Okta client_id and client_secret in your API project configuration, eg: config/api.php (default) or config/api.<project-name>.php.

Base URL: The base_url can be found under API in the main menu. You will see a list of Authorization Servers to pick from. The URL is under the column labeled Issuer URI.

SCIM

Okta is also capable of externally managing your Directus users, allowing for more unified user provisioning within your organization. This is accomplished by using our API's dedicated SCIM endpoints.